Introduction to Exploitation
2 likes1,115 views
The document provides an introduction to exploitation and offers various resources and tools for getting started in computer security, focusing on different areas such as network, system, web, cryptography, and binary exploitation. It outlines specific tools like Kali Linux, Metasploit, and Burp Suite along with practice platforms like HackTheBox and OverTheWire. The document also lists events, meetings, and online resources for further learning and community engagement.
Introduction to Exploitation
- 2. Get Involved ● Discord - discord.gg/kuejt8p ● Fire Talks - October 24th, 2018 ● Live Stream - Whenever you want* ● CSG CTF - ctf.utdcsg.club
- 3. Events ● Hardware Hacking Hangout - Friday @ 7 pm in ECSS 4.619 ● CSAW CTF - Saturday @ 1 pm to 5 pm in ECSS 4.619 ● Elastic - Next Wednesday @ 7 pm in MC 2.410
- 4. Goal for tonight: Answer the question “How do I get started?”
- 5. Getting started in Computer Security ● Plenty of resources exist to get started with different areas of security ● You get out what you put into it
- 6. Intro to Exploitation ● General Goals: ○ Lateral Movement ○ Command and Control ○ Data Exfiltration
- 7. General Tools ● Kali Linux - contains many exploitation tools pre-installed ● FLARE VM - contains many security tools for use in a Windows environment
- 8. “Fields” of Exploitation ● Network ● System ○ Linux ○ Windows ○ Other ● Cryptography ● Web ● Binary
- 9. Network Attacking the network and network services, often to access machines on said network. Examples: ● Attacking Windows domains ● Attacking cloud infrastructure Tools: ● nmap Practice: ● HackTheBox ● CloudGoat
- 10. Linux Escalating privileges, exfiltrating data, establishing persistence, and more. Examples: ● Hacking Linux? Tools ● bash ● Metasploit ● Linux Knowledge Practice ● OverTheWire - Bandit ● HackTheBox ● Metasploitable 2
- 11. Windows Escalating privileges, exfiltrating data, establishing persistence, and more. Examples: ● Hacking Windows? Tools ● Powershell ● Metasploit ● Windows Knowledge Practice ● HackTheBox ● Metasploitable 3 ● Immersive Labs (Powershell)
- 12. Cryptography Breaking ciphers, forging signatures, doing magic(?) Examples ● Forging authentication tokens ● Breaking encryption Tools ● SAGE ● Python ● Patience Practice ● CryptoPals ● id0-rsa
- 13. Web Dumping databases, gaining code execution, breaking webscale, learning too many frameworks Examples ● SQL Injection ● Code Execution ● Local File Includes Tools ● Burp Suite ● Browser Developer Tools Practice ● HackTheBox ● OverTheWire - Natas ● WebGoat
- 14. Binary Exploiting flaws in a program to do “fun” things Example ● Bypassing authentication ● Gaining code execution Tools ● gdb (Debuggers) ● IDA Pro (Disassemblers) Practice ● pwnable.kr ● Protostar ● The Assembly Group
- 15. Overall Being well “read” can give you a significant edge in security YouTube - Tutorials ● LiveOverflow ● GynvaelEN YouTube - Talks ● DefCon ● BlackHat ● media.ccc.de (34C3) News/Blogs ● /r/NetSec ● HackerNews
- 16. Demo Physical access attacks with Tiny Core Linux ● Replacing Magnify.exe with cmd.exe